Hello.
If a company does not have an international presence or international access is not needed, we start by blocking the most common countries where hacking originates; outside the US: such as China, India (although this one may be tough with so much tech and software support outsourced to India today), Turkey, Russia, Taiwan, Brazil, Romania, Italy, Hungary. I also usually block Democratic People’s Republic of Korea (North Korea), and Saudi Arabia.

Then if we have any connection issues I monitor the firewall logs and look for any Geo-IP blocks that may be causing issue. can always add more protection and then monitor to see the result.

We are looking at Proofpoint (https://www.proofpoint.com/), FireEye, Darktrace and Cylance as well. They are almost in the same price range (per user/endpoint/per year) although Cylance is less responsive in terms of cost.

While the first and last line of defense is the end user, we implement phishing tests from KnowBe4 to ascertain the enterprise readiness. Training and cognizance is key. After all, the saying goes (and is so true) that “Common sense is not so common at all.”